Merge pull request #107 from thomcc/curses-funcs

Add advisory for ncurses
Tony Arcieri
2019-06-18 09:22:43 -07:00
committed by GitHub


@@ -0,0 +1,22 @@
[advisory]
id = "RUSTSEC-0000-0000"
package = "ncurses"
date = "2019-06-15"
title = "Buffer overflow and format vulnerabilities in functions exposed without unsafe"
description = """
`ncurses` exposes functions from the ncurses library which:
- Pass buffers without length to C functions that may write an arbitrary amount of
data, leading to a buffer overflow. (`instr`, `mvwinstr`, etc)
- Passes rust &str to strings expecting C format arguments, allowing a format
vulnerability (functions in the `printw` family).
"""
patched_versions = []
url = "https://github.com/RustSec/advisory-db/issues/106"
affected_functions = ["ncurses::instr", "ncurses::mvwinstr", "ncurses::printw", "ncurses::mvprintw", "ncurses::mvwprintw"]
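Review bot: `affected_functions` on the last line names only five paths, while the description speaks of `instr`, `mvwinstr`, "etc" and of the whole `printw` family, so any tooling that matches call sites against this list would presumably miss the remaining variants. If the crate also exposes siblings such as `wprintw` or `mvinstr` (not visible on this page; check against the crate's public API), list them as well, or say in the description that the array is a sample rather than the full set. Because `patched_versions = []` marks every release as affected, the description would also benefit from one sentence of interim guidance, for example `Until a fix is released, do not pass externally influenced strings as the format argument and avoid the buffer-returning functions.` The hunk header announces 22 lines and fewer are visible here, so this comment assumes the array is the end of the file.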